The main Snowflake bridge (https://metrics.torproject.org/rs.html#details/5481936581E23D2D178105D44DB6…)
is starting to become overloaded, because of a recent substantial
increase in users. I think the host has sufficient CPU and memory
headroom, and the pluggable transport process (that receives WebSocket
connections and forwards them to tor) is scaling across multiple cores.
But the tor process is constantly using 100% of one CPU core, and I
suspect that the tor process has become a bottleneck.
Here are issues about a recent CPU upgrade on the bridge, and
observations about the proportion of CPU used by different processes:
https://bugs.torproject.org/tpo/anti-censorship/pluggable-transports/snowfl…
https://bugs.torproject.org/tpo/anti-censorship/pluggable-transports/snowfl…
I have the impression that tor cannot use more than one CPU core—is that
correct? If so, what can be done to permit a bridge to scale beyond
1×100% CPU? We can fairly easily scale the Snowflake-specific components
around the tor process, but ultimately, a tor client process expects to
connect to a bridge having a certain fingerprint, and that is the part I
don't know how to easily scale.
* Surely it's not possible to run multiple instances of tor with the
same fingerprint? Or is it? Does the answer change if all instances
are on the same IP address? If the OR ports are never used?
* OnionBalance does not help with this, correct?
* Are there configuration options we could set to increase parallelism?
* Is migrating to a host with better single-core performance the only
immediate option for scaling the tor process?
Separate from the topic of scaling a single bridge, here is a past issue
with thoughts on scaling beyond one bridge. It looks as though there are
not ways to do it that do not require changes to the way tor handles its
Bridge lines.
https://bugs.torproject.org/tpo/anti-censorship/pluggable-transports/snowfl…
* Using multiple snowflake Bridge lines does not work well, despite that
we could arrange to have the Snowflake proxy connect the user to the
expected bridge, because tor will try to connect to all of them, not
choose one at random.
* Removing the fingerprint from the snowflake Bridge line in Tor Browser
would permit the Snowflake proxies to round-robin clients over several
bridges, but then the first hop would be unauthenticated (at the Tor
layer). It would be nice if it were possible to specify a small set of
permitted bridge fingerprints.
Hi,
relayor v22.0.0-rc is released.
relayor is an ansible role that helps you with running tor relays with minimal effort (automate everything).
https://github.com/nusenu/ansible-relayor#main-benefits-for-a-tor-relay-ope…
Changes since relayor v21.2.0-rc:
* MetricsPort support improvements:
  * generate nginx reverse server config for remote prometheus scraping on the relay (we do not install nginx)
  * generate htpasswd file for HTTP basic auth of MetricsPort on the relay
* debian/ubuntu: support new alpha repos (branch name is no longer included in the repo name).
* FreeBSD 12.3 is supported
kind regards,
nusenu
--
https://nusenu.github.io
Hello everyone,
As we all know, nodes are the building blocks of the tor-network. More
often than not these nodes require some maintenance, which could be in the
form of software upgrades, troubleshooting issues, rebooting the relays in
case of failures, etc.
As of today, if any relay disappears from the tor-network, no one will
know. Tor-Weather aims at solving this by creating a notification service
which relay operators can subscribe to in order to get various types of
updates for their relays.
The tor-weather service will offer a plethora of notification options for
the relays. These include the node being down, running on EOL/Outdated
version, losing a flag, ranking in top 20/50/100, etc. These notifications
can be subscribed & customized by the relay operators to fit their needs
using a web-frontend.
Folks interested in the project can refer to this
<https://lists.torproject.org/pipermail/tor-dev/2022-May/014734.html>
thread in the tor-dev mailing list for regular updates. Suggestions are
always welcomed! Please reach out to us in irc (#tor-dev) for any ideas,
questions, or suggestions you might have.
Thanks,
Sarthik Gupta
Hi all - I've been running a TOR non-exit relay for several months now.
It's rare, but I'm seeing what I believe is the occasional connection
attack, with my relay complaining about the number of connections and
suggesting I reduce capacity. Those are rare, and most of the time my
server is running at about 20% CPU. During attacks, which seem unrelated
to my Tor Upload/Download rate, CPU jumps to well over 100% (quad core,
so 400% is max).
I'd normally just ignore this, but it seems to be impacting other
aspects of my network experience: Messenger Rooms will unexpectedly
close, NetFlix gets "unable to stream this title", family complains
about slow and dropped connections, etc. Just had it happen a few
minutes ago with a Messenger Room and sure enough, CPU is at 130%, even
though I'm only pumping about 15MB/Sec (37.5MB/S limit, 56.2 burst, 40.3
observed) over my gigabit ISP connection. Speedtest shows the
performing within acceptable parameters.
So contemplating what I can do, since this is bothersome. I've come up
with a few alternatives, and curious about your thoughts:
1) Do some type of connection limiting at my PFSense Plus firewall.
Perhaps limiting things to, say, 30 connections per IP address? Not
even sure that is possible, but figure it might lighten the load on the
TOR server.
2) Drop being a TOR non-exit relay and convert to a bridge. Not sure
how long, if ever, it would take for my IP address, which is now public,
to fade off of block lists... Not ideal, but at least as a bridge I'd
still be servicing the environment.
3) Try connection limiting via iptables on the TOR host. Just seems
like doing that at the firewall would be better.
Thoughts?
Kevin
Hey,
new non-exit relay, Debian 11, tor 0.4.7.8-1~d11.bullseye+1, ~ 1 week
old (-> no guard)
KVM VM with atm 4 cores, host passthrough AMD EPYC (-> AES HW accel.).
As can be seen in the attached screenshots, memory consumption is
irritating as well as the quite high CPU load.
All was fine when it had ~100 Mbit/s but then onion skins exploded (110
per second -> up to 4k per second) as well as CPU and memory.
Tor complains:
> Your computer is too slow to handle this many circuit creation
> requests! Please consider using the MaxAdvertisedBandwidth config option
> or choosing a more restricted exit policy.
And from time to time memory killer takes action
torrc is pretty basic:
Nickname 123
ContactInfo 123
RunAsDaemon 1
Log notice syslog
RelayBandwidthRate 2X MBytes
RelayBandwidthBurst 2X MBytes
SocksPort 0
ControlSocket 0
CookieAuthentication 0
AvoidDiskWrites 1
Address xxxx
OutboundBindAddress yyyy
ORPort xxxx:yyy
Address [zzzz]
OutboundBindAddress [zzz]
ORPort [zzz]:xxx
MetricsPort hhhh:sss
MetricsPortPolicy accept fffffff
DirPort yy
Sandbox 1
NoExec 1
CellStatistics 1
ExtraInfoStatistics 1
ConnDirectionStatistics 1
EntryStatistics 1
ExitPortStatistics 1
HiddenServiceStatistics 1
Ideas/suggestions (apart from limiting BW) to fix this?
Thanks
fran
Hi everyone,
This month we won't have our monthly online check-in as many of us are
traveling or on vacation mode. But, don't feel sad, we will have two
activities this weekend!
1. (livestream): Modernizing the Tor Ecosystem for the Future, 2022-07-24,
15:00-15:50 with Alexander Færøy (ahf), Network Team Lead.
Read more: https://program.mch2022.org/mch2021-2020/talk/MUP7MX/
2. Relay Operator Meetup @ May Contain Hackers (MCH2022)
ahf, Artikel10 and many other Tor contributors are at MCH and they are
organizing a relay operator meetup! If you are at MCH2022, please get in
touch with them!!
https://blog.torproject.org/event/mch2022/
The next meetup will be at the end of August. I'll send the invitation
at the beginning of August. :)
cheers,
Gus
--
The Tor Project
Community Team Lead
Good day all. I am currently running two middle relays on my home network and was wondering if I can add any bridges to my existing set up. I am aware of the limit of two middle relays per ip address but do not see anything stating whether there was any such limit for bridges. I am also not clear on whether the bridges are recognized by the tor network in the same manner as Middle relays and whether the two unit limit applies to the total of devices connected.
Thank you in advance for any guidance and always remember....
They are watching
Greetings! I hope this is the right list to be asking this, if it is not
please forgive me. I am purposefully omitting some identifying
information for privacy's sake.
I run 2 non-exit relays both with an advertised bandwidth of around 8
MiB/s each. I have noticed that they have been overloaded a lot lately.
These relays have been bottlenecked at the 3-4 MiB/s mark ever since I
put them online. Upon further investigation, when I curled the
MetricsPort according to
https://support.torproject.org/relay-operators/relay-bridge-overloaded/,
the following metrics stood out to me. Both relays run on the same
machine with the same IP address. I hope the obfuscation makes sense.
Side note: I am using Toralf's ddos-inbound script, which has not
dropped any connections at all for me when using the -b then -s switch.
CPU utilization is high (80%) on one core but low on the rest (5-30%). In
the syslog, I also get spammed with "Your computer is too slow to handle
this many circuit creation requests! Please consider using the
MaxAdvertisedBandwidth config option or choosing a more restricted exit
policy. [28xxx similar message(s) suppressed in last 34200 seconds]"
Relay 1:
tor_relay_load_onionskins_total{type="ntor_v3",action="processed"} 750xxxx
tor_relay_load_onionskins_total{type="ntor_v3",action="dropped"} 17
tor_relay_load_global_rate_limit_reached_total{side="read"} 6xxxx
tor_relay_load_global_rate_limit_reached_total{side="write"} 17xxxx
Relay 2:
tor_relay_load_onionskins_total{type="ntor_v3",action="processed"} 10xxxxxx
tor_relay_load_onionskins_total{type="ntor_v3",action="dropped"} 28xxxx
tor_relay_load_global_rate_limit_reached_total{side="read"} 20xxxxx
tor_relay_load_global_rate_limit_reached_total{side="write"} 19xxxx
All other metrics are normal according to the article on overloaded
relays. This runs in a Debian Proxmox VM using the host cpu, so no CPU
virtualization. 4 cores, 8GB memory, and AES is supported. It's 2x Xeon
2628v3s with NUMA enabled in the VM (2 sockets, 2 cores per socket).
Enabling NUMA and de-virtualizing the CPU has helped increase my top
bandwidth by around .7 to .9 mbytes/s, but still not great.
Thank you in advance.
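The MetricsPort counters quoted in the post above can be turned into bounds on the onionskin drop ratio even with the trailing digits masked. This is an added example, not code from the poster or the Tor Project; treating each "x" as an unknown digit 0-9 and defining the ratio as dropped / (processed + dropped) are assumptions made here.

```python
import re

# MetricsPort lines as quoted in the post above, "x" masking included.
RELAY_1 = """\
tor_relay_load_onionskins_total{type="ntor_v3",action="processed"} 750xxxx
tor_relay_load_onionskins_total{type="ntor_v3",action="dropped"} 17
tor_relay_load_global_rate_limit_reached_total{side="read"} 6xxxx
tor_relay_load_global_rate_limit_reached_total{side="write"} 17xxxx
"""
RELAY_2 = """\
tor_relay_load_onionskins_total{type="ntor_v3",action="processed"} 10xxxxxx
tor_relay_load_onionskins_total{type="ntor_v3",action="dropped"} 28xxxx
tor_relay_load_global_rate_limit_reached_total{side="read"} 20xxxxx
tor_relay_load_global_rate_limit_reached_total{side="write"} 19xxxx
"""

SAMPLE = re.compile(r'^(\w+)\{([^}]*)\}\s+(\S+)$')
LABEL = re.compile(r'(\w+)="([^"]*)"')

def bounds(value):
    """(low, high) for a counter whose trailing digits may be masked with 'x'."""
    if not re.fullmatch(r"\d+x*", value):
        raise ValueError(f"unexpected counter value: {value!r}")
    return int(value.replace("x", "0")), int(value.replace("x", "9"))

def parse(text):
    """Map (metric name, sorted label pairs) -> (low, high)."""
    metrics = {}
    for line in text.splitlines():
        m = SAMPLE.match(line.strip())
        if m:  # skips blank lines and '# HELP' / '# TYPE' comments
            key = (m.group(1), tuple(sorted(LABEL.findall(m.group(2)))))
            metrics[key] = bounds(m.group(3))
    return metrics

def drop_ratio(metrics, kind="ntor_v3"):
    """Bounds on dropped / (processed + dropped) for one onionskin type."""
    name = "tor_relay_load_onionskins_total"
    def get(action):
        return metrics[(name, (("action", action), ("type", kind)))]
    (p_lo, p_hi), (d_lo, d_hi) = get("processed"), get("dropped")
    # d / (p + d) grows with d and shrinks with p, so pair the extremes.
    # max(..., 1) keeps a freshly started relay (all zeros) at ratio 0.
    return d_lo / max(p_hi + d_lo, 1), d_hi / max(p_lo + d_hi, 1)

if __name__ == "__main__":
    for label, text in (("Relay 1", RELAY_1), ("Relay 2", RELAY_2)):
        lo, hi = drop_ratio(parse(text))
        print(f"{label}: {lo:.4%} to {hi:.4%} of ntor_v3 onionskins dropped")
```

The counters are cumulative since the tor process started, so the ratio is a lifetime average; sampling the MetricsPort twice and differencing the values gives the rate over a chosen window.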